echo: binkd
to: ALEXEY FAYANS
from: ROB SWINDELL
date: 2019-12-19 15:51:00
subject: BINKP over TLS

  Re: BINKP over TLS
  By: Alexey Fayans to Rob Swindell on Fri Dec 20 2019 01:24 am

 >  >> 2. For any kind of TLS something must be decided on certificate
 >  >> authority.
 >  RS> Nope. Self-signed certificates provide privacy via TLS just fine.
 >  RS> A CA is only needed if you're going to use TLS for trust. If you're
 >  RS> only using TLS for privacy, then a CA-signed certificate is not
 >  RS> needed.
 >
 > The whole sentence is wrong. CA is required to make sure that the
 > certificate provided by server was not replaced by an attacker during MitM
 > attack. With self-signed certificate you can never tell that you are
 > connecting to the real system, unless you know a CA pubkey used to sign that
 > self-signed certificate. That's kinda basic stuff.

True, if you're concerned about active MitM attacks (not just
passive-snooping). But if you're concerned about active MitM attacks, then you
don't want to use STARTTLS either.

                                            digital man

Synchronet "Real Fact" #94:
Synchronet v3.15b was released in October of 2011 (5 years after v3.14a).
Norco, CA WX: 65.0°F, 24.0% humidity, 1 mph ESE wind, 0.00 inches rain/24hrs
--- SBBSecho 3.10-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)

SOURCE: echomail via QWK@docsplace.org
